This is a further update to our prior post about the breaking news of a major Cyber Bank Heist.
The amount supposedly stolen from assorted banks around the globe is now being reported as around $1 Billion.
Racks filled with Cisco Networking gear. Photo Credit Vincent Banial
Kaspersky Lab will give their presentation on this later today (Monday, Feb 16 2015) at the Security Analyst Summit (SAS) in Cancun, Mexico.
Kaspersky Lab Cybersecurity Experts have apparently dubbed the Hacker Gang “Carbanak”. That name came from the fact that the early versions of the Malware developed for this Cyber Bank Heist were based on code from the Carberp Trojan. Underground Black sites on the Tor Onion network have apparently been selling the code for the Carberp Trojan for a couple of years.
The numbers are astounding. About 100 Banks around the globe were supposedly infiltrated via the Carbanak Malware. Web posts say that at least 300 IP addresses were compromised and then monitored by the Hackers. That monitoring had apparently been going on for extended periods, as in months. The Hackers were also very knowledgeable about Banking Accounting, Fund Transfer and ATM Systems.
The big shocker is that this Hack is apparently “still active”. Many more Banks will have to be investigated to see if they have been infiltrated.
Methinks that this is just the tip of the iceberg. It also reminds me of REGIN, a highly advanced multi-stage stealth Malware with anti-forensics capabilities.
Click on this line to view the Kaspersky Lab White Paper on The REGIN Platform.
On December 01 2014 Kaspersky Lab posted Kaspersky Security Bulletin 2014. Predictions 2015. In that report they posted:
“During a recent investigation, we discovered an attack in which an accountant’s computer was compromised and used to initiate a large transfer with a financial institution. It represented the emergence of an interesting trend: targeted attacks directly against banks.
We are seeing an upsurge in malware incidents where banks are being breached using methods coming directly from the APT playbook. Once the attackers got into the banks’ networks, they siphon enough information to allow them to steal money directly from the bank in several ways:
- Remotely commanding ATMs to dispose cash.
- Performing SWIFT transfers from various customers accounts,
- Manipulating online banking systems to perform transfers in the background.”
What Kaspersky Lab wrote about on Dec 01 2014 is what seems to have transpired at a huge number of Banks around the Globe.
This is the Major News Story of 2015.
Click on this line to read TIME magazine’s coverage of this Worldwide Bank Hack.
Click on this line to read The Register’s coverage of this Major Cybersecurity News.
Posted by: Vincent Banial
Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.